Thomas says the apps include 50,000 browser extensions and 34,000 applications which target Chrome to display revenue-generating ads within the sites that victims browse.

About a third of these identified in the study Ad Injection at Scale: Assessing Deceptive Advertisement Modifications [PDF] by boffins at universities California, Berkeley, and Santa Barbara were "outright malicious", he says.

"Upwards of 30 percent of these packages were outright malicious and simultaneously stole account credentials, hijacked search queries, and reported a user’s activity to third parties for tracking," Thomas says.

"In total, we found 5.1 percent of page views on Windows and 3.4 percent of page views on Mac that showed tell-tale signs of ad injection software.

"The ad injection ecosystem profits from more than 3000 victimised advertisers — including major retailers like Sears, Walmart, Target, Ebay — who unwittingly pay for traffic to their sites."

Thomas says advertisers are blind to the injector process and see only the final ad click.

University researchers found about 1000 profiteering affiliates who score commissions for injected ad clicks including Crossrider, Shopper Pro, and Netcrawl.

Of the 25 businesses that provide the ads, Superfish and Jollywallet are "by far" the most popular accounting for 3.9 percent and 2.4 percent of Google views, respectively.

The former ad injector became an internet pariah after users revealed it had been quietly foisted on Lenovo laptops. It has since been removed.

But Choc Factory efforts are helping; Thomas says the number of warnings generated when users click on injected ads has fallen 95 percent since the company created warning flags last month and killed off 192 "deceptive" ad fiddling Chrome extensions.

"This suggests it's become much more difficult for users to download unwanted software, and for bad advertisers to promote it," Thomas says.

Google has also updated its ad policies to cut out the slimeballs and urges legitimate advertisers to do the same. ®